Posted
by
timothy
on Saturday December 28, 2013 @05:58PM
from the if-you-reply-to-a-phantom-comment-do-you-exist? dept.

First time accepted submitter trentfoley writes "I've been trying to clean up my digital life (insert joke about having a life) and have run into a situation I fear is too common. Many social websites, nextdoor.com in particular, do not allow a user to delete the account they created. In the case of nextdoor.com, their privacy policy makes it clear that the user owns all of their data. If this is true, I should have the right to destroy that data. These lines of thought brought to mind the recent privacy defeat in Europe. Does the defeat of the EU's Right-to-be-Forgotten legislation bring a practical end to this debate?" I've read complaints today from Nextdoor.com users who say their data was sold, too.

And if that doesn't work then change as much as you can. Your email address should be the easiest. Then any other personal information that you can alter. If they won't delete it then make it worthless to them.

And this is another reason to fight against the current trend of requiring real names for accounts.

And change the photos, and put nasty notes (they lie, you don't really have control of your account, etc.) in watermarks on the photos, and add new such photos. Do it slowly, a little each day for a couple months. Then just let it sit without warning them. Then don't delete it even if they want you to and re-create it each time they delete it. Create new accounts wilh nothing but bogus information using burner email accounts. Make them wish they had treated you right, even once they start treating you

I've never given correct information to any website to start. It was completely obvious that they would use that information to their advantage as that is what capitalist corporations *do*.

Was there ever an advantage to me having the information with them? Is the information needed for them to perform a service for me? If the answer to those questions is no, then they get BS info, and a lower level password I keep in a protected space with all the rest.

If a company truly needs correct information from me, then I'm considerably more careful. However, that is actually quite rare. In most cases I can obfuscate and lie about my identity, even with paid services. Although they are working to plug those "meta" holes by heavily restricting just what you can purchase with prepaid credit cards, money orders, etc.

Social Networking is just plain dangerous when the information is centralized, and I never fell for it. It didn't matter what they were offering. I'm only interested in a completely decentralized, encrypted, p2p model similar to OneSocialMedia and Diaspora. Basically, if the infrastructure is inherently resistant towards surveillance and monetization by hostile parties (I consider advertising and marketing to be extremely hostile to my life) then I'm interested.

This post is a question about how to mitigate or outright reverse the damage to the person's privacy. I'm not sure that is really possible at all. More than likely, it's Pandora's box.

The answer is to have never danced with devil in the pale moonlight in the first place.

Here, just like other places, I purposefully choose identities that have conflicting data sets when you search for it. I know that I'm not 100% protected, but if they want to violate my privacy, they will have to work pretty damn hard to do it.

Be prepared to spend a long time on the phone though, and even then they often won't really delete your account. I tried this with Apple recently as I had an ancient account from back when I had an early iPod a decade ago. It took half an hour on the phone, I had to listen to endless dire warnings about losing all the data on "my" iCloud account that they made for me without my knowledge or ever agreeing to the terms and conditions. Endless stuff about how all my iTunes purchases with DRM would commit suicide (I never made any) and how all my devices would stop working (battery died years ago, can't be bothered to pry the thing open to replace it, if you can even buy 3rd gen iPod batteries any more).

After all that they finally agreed to delete the account, but added that I would never be able to sign up with the same email address again... So they were not really deleting it. My personal details are still on file somewhere. In the new year I'm going to write to them to demand they expunge everything.

Long story short, we need that EU right to be forgotten and some strong enforcement.

I don't know why you were modded down. I believe most banking is legally required to retain every customer transaction for 7 years. What does it exactly mean to "delete your Wells Fargo Online Account" when they are legally required to maintain your records?

If at any point your relationship involves a financial transaction, that company might have a valid interest in holding onto the receipts through at least the next year's taxes, and may have a responsibility to hold the records for longer.

Discussion lists traditionally don't give you a right to delete previous postings: Usenet and mailing list archives are forever. One rationale is simply technical inability (archives aren't controlled by a central authority), but there's also a sense that deleting miscellaneous posts from archives fragments the record of past conversations.

So, Nextdoor has forums and discussions. It seems fair to me that they don't retroactively delete posts from those. Therefore they need to maintain some kind of attribution to the now-deleted account. So they can't fully delete the account, in the sense of wiping any traces, but they could just make it a non-operable "deactivated" account that still has the posts attributed, but can't be used anymore. They might agree to hide the profile in this case, as well. Turns out, that is precisely what they do support [nextdoor.com].

So, Nextdoor has forums and discussions. It seems fair to me that they don't retroactively delete posts from those. Therefore they need to maintain some kind of attribution to the now-deleted account. So they can't fully delete the account, in the sense of wiping any traces, but they could just make it a non-operable "deactivated" account that still has the posts attributed, but can't be used anymore.

Understood.

But if the policy explicitly tells you that your additions are your property, than this argument doesn't work.

Many discussion forums I've been a part of allow deleting your own posts. Some even allow editing. That they don't give you a mechanism to blindly mass-delete posts wouldn't change your ownership rights over them.

For that matter, "ownership" rights may simply mean that you retain copyright over the posts. This doesn't mean you get to somehow magically make them all vanish on a whim -- no more than an author can go out and change or magically vanish copies of books already in other people's possession.

George Lucas was (at least until recently) the owner of the Star Wars Christmas Special. That doesn't give him the right to destroy all tapes made of it in the world. (Much as he wanted to - rumor has it he bought up and destroyed a great many copies before the digital age made it pointless)

The contract probably grants the site a license to display the user's posts publicly in perpetuity. Ownership of copyright doesn't mean you have to be able to revoke licenses already granted. For example, once I click Submit, I grant a license to Rob^W Ando^W VA^W Sour^W Geekn^W Dice that I can't revoke.

Saying they're your property most likely just means that you retain copyright. In order to store, backup, and display the messages you must have granted some license to the site. Otherwise you could just issue dmca takedown requests for all your posts.

"You agree that by submitting content to our service, you are granting a non-revokable, perpetual license to said content."

In which case you don't own it.

I'm not sure that follows. It's quite possible to own some land, but for someone else to have (say) a right of way over it - either that you've granted yourself, or that has arisen some other way. Such a right of way doesn't stop you using the land agriculturally, building on it, selling it, granting rights over it to other people, or forbidding third parties to use the land. You don't, however, have the power to revoke the right of way.

In such a situation, you are still the owner of the land, legally and in an everyday sense. Some people would argue that the situation with data is the same - you may remain the owner, but someone else can still have rights over it.

Uh, let's see. I write a book to which I own copyright. I then give away copies of the book to a million people.

Your scenario is unrelated to the situation the OP describes. This situation does not describe the dissemination of multiple copies of a work. The "owner" does not have to track down this copy or that, it's all in a database maintained by Nextdoor.com.

How does being the owner of something entitle you to someone else being required to provide the means to destroy it?

That's what "ownership" means. You get to control it.

Not necessarily. If you own a listed historic building then destroying or altering it is a criminal offence. There are quite a few other examples where you can own something but not legally destroy it.

I understand your point, except I have yet to see an Internet forum posting that has the same preservation-worthy historical qualities as, say, the Flatiron Building.

What would make more sense is for sites to have a retention policy. "We will delete posts older than five years, unless otherwise marked" or "all posts will be deleted after 365 days of inactivity of the poster's account." Really, it's almost all trash. Saving the lot of it for posterity is quite pointless.

I quite disagree. An awful lot of it is just transient communications that have no real value today other than entertainment.

What about the technical forums? I can't even begin to count how many posts from over 5 years ago led me towards solutions today. Is there a lot of noise and incorrect data? Sure. However, some sites account for that and rate the answers. Would you want to delete data that is provably valuable in some lines of research?

Ownership... In this case its like land ownership, sure you "own" your land, but you have very little rights regarding it. Need permission to do just about anything as far as construction or modifying the property. And if the govt decides that your land has greater benefit with someone else owning it, they can take it and give it to them http://en.wikipedia.org/wiki/Kelo_v._City_of_New_London [wikipedia.org]

And if you want to be the person owning it next year, you have to pay your yearly property taxes. Although the more I

I'm curious, should George Bush be able to delete all records of things he said publicly, to remove all mention of WMD from the archives? There is a strong argument that once you choose to publicly make assertions, to engage in open, written discussion, the comments you chose to publish remain. If I we

Not necessarily. If you own a listed historic building then destroying or altering it is a criminal offence. There are quite a few other examples where you can own something but not legally destroy it.

Well then, you don't really own that building; it's not your property. Then you're just licensing the right to lease out floor space in the damn thing, or something. As soon as you start mangling definitions, then you can do anything to this world.

Just like video game publishers would love for you to believe you "own" a copy of their game, when in fact you're just "licensing" it from them. The double-definitions and re-definitions needs to stop here, else the road it goes down isn't very pretty.

As soon as you start mangling definitions, then you can do anything to this world.

You're the only one mangling definitions. He's using the same one everyone else in his jurisdiction does, where (like every where else in the world) "ownership" is defined by statute. Just because you don't like the law doesn't change the fact that the law defines what property "ownership" is. Welcome to civilization. It's an improvement over the previous condition where the definition of "ownership" was "you've killed everyone who wasn't willing to let you keep it."

He's using the same one everyone else in his jurisdiction does, where (like every where else in the world) "ownership" is defined by statute.

I.e. implying that the definition of the word varies from place to place. The world is a very varied place, and I've been in places where "ownership" was "defined in statute" up until the point when the "statute" changed and individuals no longer "owned" certain things. That tells me diddly about what "ownership" means. Not only that but it, as well as the example in the other post, are contrary to the definition that most people accept in their minds without resorting to "statute".

You retain all ownership rights to the text, photos, video and other content you submit to Nextdoor.com (collectively, your “Content”). We can publish your Content in your neighborhood website or to nearby neighborhoods as described in our privacy policy.

This is part of the Member Agreement that you accept when you sign up. While I couldn't find anything more precise, the second sentence sure sounds like Nextdoor is giving themselves a license to using your content, which is what a lot of sites

We can publish your Content in your neighborhood website or to nearby neighborhoods as described in our privacy policy.

they grant themselves an unlimited, irrevocable, non-exclusive license to use it

Almost. They specify where and how they will use it. Content written in Los Angeles will not show up in New York City. And the decision to post to your neighborhood website or to multiple (within a radius of a mile or so) is made by the user at the time of the post. This isn't nearly as awful as Facebook letting companies stick your name and face next to their product.

Full Disclosure: I use Nextdoor. I have my own issues with parts of it, but I overall like the product. And I did receive a free t-shir

How does being the owner of something entitle you to someone else being required to provide the means to destroy it?

That's what "ownership" means. You get to control it.

You can own a copy of a book and not have the right to destroy other copies. You can own the copyright to a book and not have the right to destroy other people's copies of it. I can't find anything on Nextdoor.com that describes exactly what rights come with "owning your content", but I doubt they only gave themselves rights to it that are subject to the users' approval.

If you later decide that you would like to reactivate your account, you can do so at any time by signing in to Nextdoor using the same email address and password as before, and then clicking Reactivate.

So everything is still there.

Why not kill the account completely except for the past posts? And put the username and email address into a do-not-allow list so that a future user won't be able to take it over.

Data Modification/Deletion. You can delete your account by contacting us. Alternatively, you can delete most types of individual Content items. Deleting your account will delete all Content you provided, except that we may choose to retain Content incorporated into the neighborhood's conversations (and, as applicable, nearby neighborhoods); and we may attribute that Content to your name even after you depart. If we allow you to change neighborhoods on our site, we may retain your conversation contributions in your old neighborhood and nearby neighborhoods (and keep the attribution to your name) but allow you to move your profile to your new neighborhood. If you are the subject of an unauthorized profile, please contact us.

I can see where discussion sites don't allow for deletion as it is a royal PITA to maintain site integrity, threads, etc. if a user disappears.

An interesting post is here [tutsplus.com] on how to create a forum from scratch. The use of foreign keys to control this sort of referential deletion is part of the article. A pretty good primer, actually.

This isn't necessarily true. I worked at a place where the CEO came across some archived mailing-list posts that contained sensitive company information (apparently the previous sysadmin didn't have much regard for keeping sensitive company information secret when he had questions). An email or two asking them nicely to remove the content and it was gone. Granted, if it had been propagated to many other archive sites, this could have been a major pain in the ass.

I'm often interested in deleting accounts I don't use to avoid handing over my data to attackers when their systems are breached. The more sites I've given my data to, the more likely some random attack that grabs a DB dump is to have a copy of my Name, Email, (hashed)? password, etc. Depending on the type of site it may even get some bonus data in the form of answers to security questions.

This sounds lame, but the amount of spam currently directed at the accounts I used on: the motley fool, eharmony, Adobe, is quite high. Just putting my name at the top makes it that much more likely I'll be scammed by some phishing email.

Content. You retain all ownership rights to the text, photos, video and other content you submit to Nextdoor.com (collectively, your “Content”). We can publish your Content in your neighborhood website or to nearby neighborhoods as described in our privacy policy [nextdoor.com].

If they are anything like Facebook then deactivation is meaningless. Facebook keeps all your personal data and history on file. Changing your details doesn't help, they keep a full history of every name you ever used, every date of birth, every status update. When the site finally goes under and they sell off your data that info will be in there.

Apple needed an engineer to go in and manually delete most of my account. I imagine the situation here will be the same; someone has to remove all the historical da

This is not at all uncommon, unfortunately. Even sites that let you delete your account, complete with a warning about not being able to recover it later, rarely actually delete it (and often have no issue reactivating it later). The problem is that it's basically up to each site to determine how they store user data, through ToS and EULA's that haven't exactly been found to be legally binding or enforceable. There's also no basic expectation for consumers as a result of the lack of such regulations.

Well. As a last resort.1) Change all of your user data that you can. Edit your profile so that all of the data is either blank, or not yours at all.2) Edit your age down to below 13 years old. This may kick in automatic account privacy settings.3) If none of this works, then look at the TOS and find things that they don't want you to do. (ie, Wikipedia freaks out if you mention suing them on any forum. A TOS might make it a violation to badmouth the parent company, or to solicit other users. You might think of creating a couple of throwaway accounts, and getting into a royal flamewar with your invisible clones. Call them really bad names. Threaten to sue them.)4) Do not let number three go into the realm of anything illegal. Don't post porn in public fora. You simply want to make yourself unwelcome at this location.

2) Edit your age down to below 13 years old. This may kick in automatic account privacy settings.

Some sites won't allow you to do that.

3) If none of this works, then look at the TOS and find things that they don't want you to do. (ie, Wikipedia freaks out if you mention suing them on any forum. A TOS might make it a violation to badmouth the parent company, or to solicit other users. You might think of creating a couple of throwaway accounts, and getting into a royal flamewar with your invisible clones. Call them really bad names. Threaten to sue them.)

All the site will do is disable the account, delete the bad posts through the normal moderation process and keep the good posts. You will be no further ahead.

This may actually be a felony. (I.e. it is arguably a violation of the computer fraud and abuse act, limiting the use of a computer to that which is authorized, IIRC).

A "felony"?

Creating sock-puppet accounts and arguing with myself? It's certainly *not* a crime for me to abuse my own computer this way, and if anything at all, a "ToS" violation is nothing more than an excuse to ban my account.

You can try claiming it's not all you want, but that doesn't change the legal facts.

To the letter of the law under the CFAA ANY USE OF A COMPUTER SYSTEM THAT IS NOT AN AUTHORIZED USE is a felony. You must have been asleep the last few years if you missed all the cases of prosecutorial abuse of this law where people have been charged with felonies for (among other things) making accounts for a fake persona (the Megan Meier suicide case) and downloading things too quickly (the Aaron Swartz case). Those are

Content. You retain all ownership rights to the text, photos, video and other content you submit to Nextdoor.com (collectively, your “Content”). We can publish your Content in your neighborhood website or to nearby neighborhoods as described in our privacy policy.

Notice they say rights. The poster owns the posts in that the poster is responsible for the content and the site can not sell or copy the posts to other sites. Those are the general copyright laws. The issue comes in that by posting on the site the owner has given a copy to someone else, much like giving someone a book. The poster still owns the right to the post but not ownership of that specific copy.

Data Modification/Deletion. You can delete your account by contacting us. Alternatively, you can delete most types of individual Content items. Deleting your account will delete all Content you provided, except that we may choose to retain Content incorporated into the neighborhood's conversations (and, as applicable, nearby neighborhoods); and we may attribute that Content to your name even after you depart. If we allow you to change neighborhoods on our site, we may retain your conversation contributions in your old neighborhood and nearby neighborhoods (and keep the attribution to your name) but allow you to move your profile to your new neighborhood. If you are the subject of an unauthorized profile, please contact us.

Don't feel you have to participate in every social media site. You really won't miss anything if you don't. People will tell you, "You have to have a social media presence to get a job" but that's just BS.

In fact, a very good skill to develop is the ability to ignore cultural phenomenon occasionally. It's almost like a superpower and it can really impact your happiness quotient. For example, I've made it to the last act of a semi-celebrity drama without knowing what a "Duck Dynasty" is, and the feeling is awesome. It takes a bit of preparation and planning, but it is possible to filter out nonsense. And make no mistake, social media is nonsense, and it's dangerous. You think you're getting something when in fact you're having something taken from you.

Note: You might ask, "If you don't know what a "Duck Dynasty" is, then how do you know the three-act arc of it's drama has come to an end?"

The answer is that I know someone who obsessively follows all that shit. I asked her about a week back if there was anything about a "Duck Dynasty" that I need to know. She said, "Nah". Today, I got an email from her telling me the story has come to some denouement and said that my willful ignorance of the entire topic turned out to have been a wise choice. (I ask t

Please Note: You might ask, "If you don't know what a "Duck Dynasty" is, then how do you know the three-act arc of it's drama has come to an end?"

The answer is that I know someone who obsessively follows all that shit. I asked her about a week back if there was anything about a "Duck Dynasty" that I need to know. She said, "Nah". Today, I got an email from her telling me the story has come to some denouement and said that my willful ignorance of the entire topic turned out to have been a wise choice. (

Good point. If I may expound on that a little, once you post anything to any site, you essentially lose control of it. With social media like Slashdot which allow you to be a Pseudonymous Coward, there's little downside to that. But for sites like Facebook which require you to provide your real name and other real information, you lose something. Whether you gain more than you lose is up to you. For example, making contact with long-lost friends by using your real name on Facebook might be worth the lo

Just always be ready with damage-control on the stuff you have sprinkled around online. Always be up front with yourself and your employers / whomever else whose opinion of your past internet activities could possibly ever matter enough to make you care that much about it / your employers.

They would mostly be concerned about the image that you reflect onto their company. I've thought of this some times. To me, the best idea is to form a website that is your "professional image" site, and do damage-control from there. Maybe package it very simply with a link off of the front page to "My Web Footprint, Q & A".

Start with a nice lead-in that captures the empathy of the audience.

Go into detail about things that you find cringe-worthy, and shrug them off as not being a very big deal and not being reflective of who you are, today. Explain the misconceptions in your mind that led to those past statements or behaviors, and let the audience know how glad you are that you aren't like that any more. If there's evidence of that, link to the evidence.

There, now you're not a potential liability, you're a success story that the corporation can be happy to link to and parade around as proof that they are in touch with real people, not just any people, upward-mobile people.

You have the opportunity to get out of it in ways that older folks who did things they're ashamed of in the 60's and 70's didn't have:

(1.) The opportunity to face it head-on by knowing fully well that it's easily discoverable information and by becoming your own blackmailer ahead of anyone else.

(2.) The opportunity to spin it however you want and make it into whatever sort of rags-to-riches, turned-over-a-leaf, now-I-know-what-the-salt-of-the-Earth-is-really-like sort of story you really think people want to see.

(3.) The opportunity to surround it with gay frog images and links to buy your published-on-demand memoirs of those weird times.

I had some asshole that I had emailed once dump their entire gmail contact list into nextdoor and now I get a twice weekly email update also asking me to join. I emailed the woman asking her to remove me, but she did not. So...

I filtered their email with the following rules:
1. forward email to originator
2. forward to person who did this to me
3. forward to the investment team who owns the site:
shastaventures.com
4. mark as junk
5. delete

I figure if they won't remove me, they might as well get the email too. You may want to use their email addresses and change the one you have on file with them.

Timothy, Timothy, Timothy. When will you ever learn? "Ask Slashdot" posts belong in the "Ask Slashdot" section so that those of us who choose to filter out those stories can do so. It doesn't work though if you keep posting "Ask Slashdot" stories in other sections.

Yes, their user agreement might say you own your data, and it probably says a lot of other things. But honestly, what did you expect? Did you really think you could give them your data and expect them not to use it? Do you really trust social websites to look out for you? Such sites basically have two ways to make money, by showing you paid ads and selling/renting/"sharing" your data. Sorry, but if you're paying attention you must know that you can't trust any of them with anything you don't want to be publ

The data subject has the right to be informed when his personal data is being processed. The controller must provide his name and address, the purpose of processing, the recipients of the data and all other information required to ensure the processing is fair. (art. 10 and 11)

Data may be processed only under the following circumstances (art. 7):

Non-EU based companies are required to store person-related data in the EU, and thus are in the same situation.

only if they want to be registered under the data protection act. They may do so in order to be able to process data on behalf of an organisation that is, for example a US based company wishing to process a payroll for an EU based company would have to do so. This does not apply to no EU companies that you might just decide to register with and use across the internet though.

OK thought experiment. Barron Bomburst of Vulgaria passes a law that any company which is accesses by citizens of his country has to give him a $1,000,000 birthday present. Do you think that companies based solely in the USA, or anywhere else, would comply?